[erlang-questions] Malformed countryName in x509 certs + public_key

Andy Bailey andy.bailey@REDACTED
Mon Jun 2 23:28:44 CEST 2014

Hi All,

 I'm working on an Erlang project that entails controlling some
 devices that expose a SOAP api. The device manufacturer made a
 mistake and shipped the devices with a cert where the countryName
 field in the cert subject is three characters long.

 Even with verification disabled via ssl options, we get a crash while
 parsing the cert (this stack with with R15B01 but I get the
 same results with 17)

 So presumably the cert runs afoul before the normal verification
 steps, and disabling verification doesn't help.

 Normally it wouldn't be a big deal to replace these certs, but there
 are a bunch of them and the process entails an interruption of
 service on the device, so I'm hoping to find a workaround.

 One option would be to modify public_key to accept the three byte
 value until we can get the certs rotated- I've experimented with
 modiying PKIX1Explicit88.asn1 and recompiling with asn1ct, but I am
 totally clueless in this area and suspect I may be on a fools errand :)

 Anyhow- my purpose in mailing the list was to see if any other erlang
 users have run into a similar predicament, and to see if you found a
 good strategy for working around it. 

 Thanks in advance!


More information about the erlang-questions mailing list